New Standards ISO/TS 14441 and ISO 22857 address health information security

Electronic health records and other electronic personal health data fall under what the industry calls health informatics.  This area is experiencing an explosion of standards activity as the industry sets the ground rules for this rapidly expanding segment of the business.  Now ISO has just released two new documents, ISO/TS 14441 and ISO 22857.  You’ll want to review them if electronic health information is a component of the products you make or buy.  The first is ISO/TS 14441, “Health informatics – Security and privacy requirements of EHR systems for use in conformity assessment.”  The second is ISO 22857, “Health informatics – Guidelines on data protection to facilitate trans-border flows of personal health data.”

We are just starting to learn how essential security and data protection are in the many business endeavors that rely on information transmission.  And there is no doubt that an explosion of health-related mobile apps and other software applications is coming.  Further, the use of EHR (electronic health records) is an important component of the current healthcare reform movement, with expected improvement in care and reduction in cost as drivers of the process.  But there are hidden perils for such products!

Here’s more information on each of the ISO documents.  Read on to see if either or both are appropriate for your business:

ISO/TS 14441, 1st Edition, “Health informatics – Security and privacy requirements of EHR systems for use in conformity assessment.”

This new standard has been written to address the networking of “point-of-service” facilities (like clinics and hospitals).  It is intended to help design protocols for the networked movement of health records that can meet specific assessment criteria.  So it covers the security and privacy requirements needed for such information transmission, and it covers the main categories of attack to which such information might be subject.

It also reflects on conformance assessment itself — the best practices for establishing and maintaining such a program, and the key concepts and processes such a program would be expected to meet.  These are supported by 4 real-world examples from countries that had such programs in place as of 2010.

The document is intended to support agencies in establishing criteria for evaluating and regulating security/privacy requirements and implementing compliance.  And it can be used as an evaluation tool by an organization that is in the process of purchasing such a system.

ISO 22857, 2nd Edition, “Health informatics – Guidelines on data protection to facilitate trans-border flows of personal health data”

This new standard is a technical revision of the previous 1st edition from 2004 (now obsolete).  It deals with the challenges of moving health-related information across jurisdictional borders, a practice that is becoming more and more common.  It recognizes that such information may be held or processed by “off-shore” contractors, as well as being aggregated by research facilities, healthcare organizations, and so on.

ISO 22857 provides you with an overview of data security specifically for health data.  You’ll review the criteria for data protection, as well as the 11 principles of high-level security policy.  Special attention is given to processing security, with information on encryption, digital signatures, audit trails and so on.

The standard provides you with a list of the primary international regulatory documents on data protection, and a description of the salient points of each.  It also reviews the legal requirements in a number of countries.  It provides sample contract clauses that may be of assistance when setting up controller-to-controller or controller-to-processor relationships.  Very sensitive personal health data is defined, and suggestions on handling such information are given.

If you need ISO/TS 14441 and ISO 22857, or any other ISO document, go to the Document Center Inc. web store at www.document-center.com.  There you’ll find an extensive collection of standards, including both current and obsolete revisions.  And you’re always welcome to get in touch with us by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com).  We’ve been providing standards to folks like you since 1982.  Make us your Standards Experts!

Published by

Claudia Bach

Claudia Bach is the President of Document Center Inc. and a worldwide-recognized expert on Standards and Standards Distribution.  You can connect with her on Google+.
